Reasons to Avoid Microsoft
Security Hole
These pages are a compilation of links to and quotes from news articles and
other sources that might help convince you to switch to Linux.
- Double MyDoom for Internet Explorer flaw
(ZDNet News,
2004.11.09)
The viruses use a vulnerability in Microsoft's Internet Explorer 6.0
that allows an attacker to run a program on a computer just by getting
the user to click on a link.
- ATMs in peril from computer worms?
(The Register,
2004.10.20)
Some anti-virus firms are trying to carve out a new market for
their technology by trying to persuade banks that Automatic Teller
Machines (ATMs) running Windows need protecting from computer
worms. ... 'Previously isolated cash machines can now be infected by
self-launching network viruses via the banks' IP networks. Infections
have the potential to bring down ATM machines, incurring downtime,
customer dissatisfaction and increased costs fixing infected
machines...'
- ASP.NET Security Flaw Can Bypass Password
(Netcraft,
2004.10.07)
A security flaw in Microsoft's ASP.NET technology could allow
intruders to enter password-protected areas of a web site by altering
a URL. ... It also apparently allows authenticated users to bypass
password protection on administrative areas of a site.
- New, dangerous Microsoft JPEG exploit released
(InfoWorld,
2004.09.23)
New computer code that exploits a recently disclosed hole in Microsoft
Corp.'s Internet Explorer Web browser is circulating on
the Internet and could allow remote attackers to take full control
of vulnerable Windows machines, according to warnings from antivirus
companies and Internet security experts. ... The new exploits could be
spread by a virus in corrupted JPEG images sent as e-mail attachments
or served from Web sites.
- Hackers Jump On Reported Windows Flaws
(InformationWeek,
2004.09.16)
Tuesday, Microsoft noted that a bug in Windows XP, Windows XP SP1,
and Windows Server 2003, as well as many of the company's flagship
applications, could allow attackers to grab control of PCs. ... Because
the [flaw] is widespread--not only in the operating systems but also
in such popular applications as those in the Office XP and Office 2003
suites--administrators may be hard-pressed to patch before an exploit
is circulating. ... Worse, even patched systems can later be turned
into vulnerable computers, Weafer adds, if applications with the flawed
image processing .dll are later installed on made-safe PCs.
- Windows XP SP2 Has a Dangerous Hole
(PC Magazine,
2004.08.26)
Windows XP Service Pack 2 promises to raise the security
bar for the sometimes beleaguered operating system. Unfortunately,
one of the new features could be spoofed so that it reports misleading
information about system security, or worse, lets a malicious program
watch for an opportunity to do damage without being detected. ... it's
almost like Microsoft has given attackers the path, door and keys,
Windows itself contains a test utility, WBEMTEST.EXE, that allows
you to view, add and edit the values in the [Windows Management
Instrumentation, where firewall and security information is managed.]
- Winamp Skin File Arbitrary Code Execution Vulnerability
(Secunia,
2004.08.26)
A vulnerability has been reported in Winamp,
which can be exploited by malicious people to compromise a user's
system.
- Meet the Peeping Tom worm
(The Register,
2004.08.23)
A worm that has the capability to use webcams to spy
on users is circulating across the Net. Rbot-GR, the latest variant
of a prolific worm series, spreads via network shares, exploiting a
number of Microsoft security vulnerabilities to drop a backdoor Trojan
horse program on vulnerable machines as it propagates. Once a backdoor
program is installed on a victim's PC it's game over and an attacker
can do whatever takes their fancy. ... 'If your computer is infected
and you have a webcam plugged in, then everything you do in front of
the computer can be seen, and everything you say can be recorded...'
- Is Microsoft's Firewall Secure?
(PC World,
2004.08.13)
Some say Win XP SP2 enhancements cause conflicts, don't protect as
claimed. [The] software suffers from two major flaws, critics say:
it does not block outbound traffic, and it can be switched off by
another application, possibly even by a clever worm.
- Microsoft Internet Explorer Multiple Vulnerabilities
(Secunia,
2004.07.13)
[Vulnerabilities]
in Internet Explorer [allow] malicious people to bypass security
restrictions and potentially compromise a vulnerable system. ...
Successful exploitation allows execution of arbitrary script code in the
context of another website. This could potentially allow execution of
arbitrary code in other security zones too. ... Successful exploitation
may potentially cause users to open harmful files or do other harmful
actions without knowing it.
- U.S., citing security concerns, steers consumers away from IE
(EE Times,
2004.07.01)
The Department
of Homeland Security's U.S. Computer Emergency Readiness Team touched
off a storm this week when it recommended for security reasons using
browsers other than Microsoft Corp.'s Internet Explorer. ... The
particular virus initiated this week ... allows keystroke analysis of
user information. The target is believed to be credit card numbers. CERT
estimated that as many as tens of thousands of Web sites may [have been
infected with the malicious code, via a vulnerability in Microsoft's
'Internet Information Services' webserver software].
- Security Group Warns Of Newly Discovered IE Flaw
(InformationWeek,
2004.06.30)
Internet Explorer doesn't block
malicious Web sites from inserting 'arbitrary content' in an arbitrary
frame in a browser window ... [The] malicious content will appear
as if it originated from a trusted site, which is an attack commonly
known as spoofing.
- New scam targets bank customers
(SANS,
2004.06.29)
The victim of the attack found that a file ... been
loaded onto their machine. ... The second half of the file consists
of a ['Browser Helper Object', which Internet Explorer loads when
it starts up]. Created BHO's then have access to all the events and
properties of that browsing session. This particular BHO watches for
HTTPS (secure) access to URLs of several dozen banking and financial
sites in multiple countries. [The malicious code] grabs any outbound
POST/GET data from within IE before it is encrypted by SSL.
- Internet Explorer Is Just Too Risky
(BusinessWeek,
2004.06.29)
People who browsed there on Windows
computers got infected with malicious code without downloading
anything. ... The biggest security problem in IE, one that has plagued
Microsoft and its customers for at least four years and is at the
heart of the recent exploit, is a flaw that lets a Web site trick the
browser into running an alien program in violation of its own security
settings. In effect, an unknown program on a Web site is treated as
though it were a trusted program on your computer. Compromised Web
sites can covertly install programs ranging from nuisances that cause
ad pop-ups to real threats that record your keystrokes, allowing the
site to steal your passwords and account information.
- Web browser flaw prompts warning
(BBC News,
2004.06.26)
Users are being told to avoid using Internet Explorer
until Microsoft patches a serious security hole in it. The loophole
is being exploited to open a backdoor on a PC that could let criminals
take control of a machine. The threat of infection is so high because
the code created to exploit the loophole has somehow been placed on
many popular websites.
- Microsoft warns on IIS 5 and IE attack
(vnunet,
2004.06.25)
Sites are appending JavaScript to the bottom
of web pages that, when executed, attempts to access a file hosted
on another server. 'This file may contain malicious code that can
affect the end user's system. US-CERT is investigating the origin of
the IIS 5 compromises and the impact of the code that is downloaded
to end-user systems,' the organisation said.
- DoS Attack May Tap Web Graphics Flaw
(eWeek,
2004.06.24)
When visitors to a few particular Web sites--including
popular auction, shopping and price-comparison sites--request pages
that include the malicious graphics, the code automatically downloads
itself onto their machines. Once installed, the code unpacks itself
and loads a keystroke logger on the PC. NetSec officials said the
attack seems to exploit a vulnerability in Internet Explorer.
- Internet Explorer carved up by zero-day hole
(Computerworld,
2004.06.09)
Two new vulnerabilities have been
discovered in Internet Explorer which allow a complete bypass of
security and provide system access to a computer, including the
installation of files on someone's hard disk without their knowledge,
through a single click. Worse, the holes have been discovered from
analysis of an existing link on the Internet and a fully functional
demonstration of the exploit has been produced and been shown to affect
even fully patched versions of Explorer. ...finally [another part of
the attack takes advantage of] an exploit that Microsoft Corp. has
been aware of since August 2003 but hasn't patched.
- Zombie PCs spew out 80% of spam
(The Register,
2004.06.04)
Four-fifths of spam now emanates from computers
contaminated with Trojan horse infections... Trojans and worms
with backdoor components such as Migmaf and SoBig have turned
infected Windows PCs into drones in vast networks of compromised
zombie PCs. Instead of using open mail relays or unscrupulous hosts
(so-called 'bullet-proof' hosting - in reality, ISPs in developing
countries who pull the plug on spammers when enough complaints are
received by their upstream provider), spammers are using compromised
machines to get their junk mail out. Many security firms reckon many
of the most well-publicized worm attacks in recent months (such as
MyDoom and Bagle) were launched expressly to install spam Trojans on
unsuspecting end users' machines - waiting to be utilized later as a
spam delivery relay.
- Microsoft Discloses Huge Number Of Windows Vulnerabilities
(TechWeb,
2004.04.13)
The total number of vulnerabilities in the four security bulletins tallied
an astounding 20 separate flaws in Windows and Outlook Express. ...
Sixteen of the 20 vulnerabilities can be exploited remotely, the most
dangerous type of bug because hackers can conduct an attack over the
Internet. ... The most severe of the dozen-plus-two vulnerabilities -- six of
the bugs are rated 'Critical' -- could allow an attacker to take complete
control of a system, including installing programs, deleting data, or
creating new user accounts that have full access privileges.
- Vulnerability in Internet Explorer ITS Protocol Handler
(US-CERT,
2004.04.08)
[A] vulnerability in Microsoft Internet Explorer (IE) could allow an
attacker to execute arbitrary code with the privileges of the user running
IE. The attacker could also read and manipulate data on web sites in other
domains or zones.
- 'Witty' Worm Wrecks Computers
(Washington Post,
2004.03.21)
A quickly spreading Internet worm destroyed or damaged tens of thousands of
personal computers worldwide Saturday morning by exploiting a security flaw
in a firewall program designed to protect PCs from online threats... Unlike
many recent worms that arrive as e-mail attachments, it spreads automatically
to vulnerable computers without any action on the part of the user.
- Spammers target home PCs
(BBC News,
2004.03.05)
You may hate getting spam but unless you are careful you could be
responsible for sending some of it. It is estimated that at least
one-third of all junk mail messages is being relayed by home computers.
And to make matters worse your humble home PC was probably turned into
a spam-spewing relay by one or more computer viruses.
- Lurking 'spyware' may be a security weak spot
(New Scientist,
2004.03.04)
One in twenty computers with an internet connection may be harbouring
unwanted 'spyware' programs that can record a user's computer use, generate
nuisance pop-up ads and may pose a security risk, suggests a US study. ...
Spyware may record a user's keystrokes or web browsing activity for
market-research purposes. Or it may cause pop-up adverts to appear when a
user is browsing the web. Some programs may even alter browser settings to
redirect to a particular search engine. Many are difficult to remove without
special software tools.
- Does open source software enhance security?
(The Register,
2004.03.04)
There are advantages to openness per se, though not the one most often
cited. Open source developers have got to be more careful and
security-conscious than their closed-source counterparts. This encourages
a better product overall. There is a corresponding disadvantage in
closed-source software: obscurity may inconvenience blackhats a bit and help
limit the number of potential attackers, but it works only so long as
obscurity is maintained. Secrecy can be useful, but it is a fragile defense.
Once the code is released, the software becomes an easier target than it
once had been; but because it was developed with the assumption that it
would not be released, it is likely to be sloppier and easier to exploit
than [Open Source code].
Collection originally created by, donated to LUGOD by,
and maintained by
Bill Kendrick.
Microsoft, Internet Explorer, Outlook, IIS, XP, XBox, etc. are
trademarks or registered trademarks of Microsoft.
Linux is a trademark of Linus Torvalds.
Most category icons created by Bill Kendrick.